Subject: Re: rsync-2.6.9 has a remote-user-shell
To: None <firstname.lastname@example.org>
From: George Georgalis <email@example.com>
Date: 10/07/2007 19:42:24
On Sun, Oct 07, 2007 at 06:34:03PM +0100, Adrian Portelli wrote:
>George Georgalis wrote:
>> I've been wondering about this audit-packages message...
>> Package rsync-2.6.9 has a remote-user-shell vulnerability, see
>> seems to be around a while. On the rsync list I found a patch.
>> Can someone aply it?
>> // George
>This was fixed about 6 weeks ago by tron@ and the package was bumped to
>2.6.9nb1. The fix was also pulled up into the stable branch.
oh, okay. it seems my cvs is updated but on several
hosts, pkg_chk -un is not indicating an update is
available. I'll take a closer look Monday.
George Georgalis, information system scientist <IXOYE><